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DETAILED ACTION 

1 . Claims 1 , 3, 7, 11, and 1 2 were amended in the amendment filed on 11/1 2/2009. 
Claims 1-12 are pending. 

Response to Arguments 

2. Applicant's arguments filed 1 1/12/2009 have been fully considered but they are 
not persuasive. 

A. Applicant argues that the amendments to claim 12 satisfy the requirements 
of MPEP §608.01(0) 

The examiner traverses. The examiner again directs the applicant to MPEP 
§608.01(o). Clear support in the specification or antecedent basis for new terms 
appearing in the claims is required in order to insure certainty in construing claims. In 
the context of claim language directly related to a 35 U.S.C. §101 determination the 
exact language of the claims must be supported by the specification in order to provide 
a certain determination of patent eligible subject matter. In this case, the applicant uses 
the term "computer readable medium arrangement or storage device arrangement" in 
the claims. However, that terms do not appear in the specification. Correction is 
required. 

B. Applicant argues that the "system" of claim 11 necessarily includes the 
physical articles or objects to constitute a machine under 35 U.S.C. §101. 
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The examiner traverses. Claim 1 1 claims a "means for determining", a "means 
for authorizing", a "means for establishing", and a "means for transferring". When the 
"means" are given their broadest reasonable interpretation in light of the specification 
the means can be interpreted to be embodied completely in software, e.g., the software 
running on the hardware elements cited in the applicant's arguments. 

C. Applicant argues that Hare does not have three networks. 

The examiner traverses. Hare teaches a network for non-conforming clients, a 
network for conforming clients, and a network the encompasses both of those networks. 
Therefore, Hare teaches three networks. 

D. Applicant argues that Sobel does not disclose or suggest two protocols. 

The examiner traverses. Hare teaches a network for conforming clients and a 
network for nonconforming clients using PPPoE access. Sobel teaches assigning 
network membership to a client based on the client's compliance with the security 
policies. Therefore the combination of Hare and Sobel teaches two protocols. 

E. Applicant argues Sobel does not teach "services" or a "service provider". 

The examiner traverses. Sobel teaches assigning network membership to a 
client based on the client's compliance with the security policies in order to provide 
access to enterprise resources, a DNS, and a DHCP server which provide services. 
Therefore, Sobel teaches services and service providers. 
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F. Applicant argues that Malik does not teach techniques for accessing by a 
client services provided by a service provider. 

The examiner traverses. Sobel teaches assigning clients to networks with access 
to services based on security policies. Malik teaches principles and practices of security 
for networks. Therefore, the combination of Sobel and Malik teaches techniques for 
accessing by a client services provided by a service provider. 

Specification 

3. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01 (o). Correction 
of the following is required: the specification fails to provide antecedent basis for 
"computer readable medium arrangement or storage device arrangement including a 
computer readable indicia" in claim 12, line 1. 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 11-12 are rejected under 35 U.S.C. 1 01 because the claimed invention is 
directed to non-statutory subject matter. 

With regard to claim 11, when "system" is given its broadest reasonable 
interpretation in light of the specification it claims an invention completely embodied in 
computer software. The claim lacks the necessary physical articles or objects to 
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constitute a machine or a manufacture within the meaning of 35 U.S.C. 101. It is clearly 
not a series of steps or acts to be a process nor is it a combination of chemical 
compounds to be a composition of matter. As such, it fails to fall within a statutory 
category. It is, at best, functional descriptive material per se. 

With respect to claims 12, since the metes and bounds of "a computer readable 
medium arrangement or storage device arrangement" is not clear in the specification, 
the "computer readable medium arrangement or storage device arrangement" is 
interpreted to include a transmission type medium; as such the claim is drawn to a form 
of energy. Energy is not one of the four categories of invention and therefore the 
claim(s) is/are not statutory. Energy is not a series of steps or acts and thus is not a 
process. Energy is not a physical article or object and as such is not a machine or 
manufacture. Energy is not combination of substances and therefor not a composition 
of matter. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-3, 6, and 11-12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hare etal. (U.S. Pub. No. 2003/0167338) in view of Sobel et al. (U.S. 
Pat. No. 7,249,187). 
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With regard to claim 1 , Hare teaches the client being able to transmit and/or 
receive information according to a point-to-point transport protocol via a 
telecommunication network (i.e., a client capable of connecting using PPPoE, pages 2- 
3, section 0020, and Fig. 1, item 131) and a session concentrator which is able to 
transmit and/or receive information according to the point-to-point transport protocol 
(i.e., the concentrator receives the PPPoE frames, pages 2-3, section 0020), where the 
non-conforming clients are given access to a session concentrator (i.e., unsupported 
clients are given access to the concentrator, page 2, section 0015, and Fig. 1). Hare 
teaches non-conforming clients being set up on the telecommunication network and 
allowing access to the session concentrator (i.e., a unsupported client is given access to 
the concentrator via a LAN, WAN or the internet, page 2, section 0018 ), establishing a 
session between the non-conforming client and the session concentrator according to a 
point-to-point transport protocol (i.e., a virtual PPPoE session is established between 
the client and the concentrator), transferring, by the session concentrator, the 
information transmitted by the non-conforming client in the established session to a 
network for clients that conform to the access control protocol (i.e., both conforming and 
non-conforming clients are given access to a network via a concentrator, Fig. 1 , item 
160), and the network for conforming clients being set up on the telecommunication 
network and allowing access to the services provided by the service provider, and 
reciprocally (i.e., clients are given access to services provided by service providers, 
page 1 , section 0002). 
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Hare does not teach the method being performed by using an access control 
protocol in the telecommunication network to control access to the services provided by 
the service provider, the method comprising determining whether or not the client 
conforms to the access control protocol, authorizing the client that does not conform to 
the access control protocol to access a network for non-conforming clients, and where 
the non-conforming clients are given access and sessions are established using a 
network for non-conforming clients. However, Sobel teaches the method being 
performed by using an access control protocol in the telecommunication network to 
control access to the services provided by the service provider (i.e., network access to a 
corporate network is controlled by security policies, col. 3, lines 45-55), the method 
comprising determining whether or not the client conforms to the access control protocol 
(i.e., a compliance verification component determines if the client complies with the 
security policies, col. 4, lines 17-21), authorizing the client that does not conform to the 
access control protocol to access a network for non-conforming clients (i.e., non- 
compliant clients are given access to a restricted network, col. 5, lines 37-45), and 
where the non-conforming clients are given access and sessions are established using 
a network for non-conforming clients (i.e., non-compliant clients are assigned to a 
restricted network) in order to ensure compliance with network access policies (col. 1 , 
lines 6-9). Therefore, based on Hare in view of Sobel, it would have been obvious to a 
person having ordinary skill in the art at the time the invention was made to utilize the 
teaching of Sobel in the system of Hare in order to ensure compliance with network 
access policies. 
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With regard to claim 2, Hare teaches wherein the method furthermore comprises 
the steps, carried out by the session concentrator, of: determining, among the 
information transmitted by the service provider in the network for conforming clients, 
information destined for the non-conforming client, transferring the determined 
information to the non-conforming client in the established session between the non- 
conforming client and the session concentrator (i.e., the access concentrator provides 
data intended for receipt by the non-compliant client as PPPoE compliant frames, page 
23, section 0022, over a network for compliant and non-compliant devices, Fig. 1). 

With regard to claim 3, Hare teaches wherein a number of service providers can 
be accessed by clients (i.e., the concentrator provides access to a service provider, 
page 2, section 0017), each service provider being accessible via at least one network 
for clients that conform to the access control protocol (i.e., the concentrator provides 
access to a network, page 2, section 0017), and the method furthermore comprising 
determining the network for clients that conform to the access control protocol which 
allows access to the service provider for the non-conforming client, the determining step 
being carried out by the session concentrator, and transferring the information 
transmitted by the non-conforming client in the established session to the determined 
network for conforming clients (i.e., the client communicates in a bi-directional manner 
with one or more networks attached to the access concentrator, page 3, section 0025, 
therefore the concentrator must determine which of the networks the client was trying to 
reach). 
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With regard to claim 6, Hare and Sobel teach the subject matter of claim 1 
above. Hare teaches wherein the client accesses the telecommunication network via a 
Digital Subscriber Line Access Multiplexor (i.e., the access concentrator can be a 
DSLAM, page 2, section 0017). As discussed in claim 1, Sobel teaches check in for 
compliance with an access protocol, and Hare further teaches the Digital Subscriber 
Line Access Multiplexor determines whether or not the client conforms to the protocol 
(i.e., a gateway the determines compliance with a protocol that is attached to a DSLAM, 
Fig. 1 , however a concentrator is capable supporting multiple architectures). Therefore, 
the limitations of claim 6 are rejected in the analysis of claim 1 above, and the claim is 
rejected on that basis. 

With regard to claim 1 1 , Hare teaches a system for access by a client to services 
provided by a service provider (i.e., client is given access to the private networks and 
the world wide web, page 2, section 0018), the client being able to transmit and/or 
receive information according to a point-to-point transport protocol via a 
telecommunication network (i.e., client communicates using PPPoE, page 2, section 
0016), and a session concentrator which is able to transmit and/or receive information 
according to the point-to-point transport protocol (i.e., clients can communicate with the 
access concentrator using PPPoE, Abstract). Hare does not teach the 
telecommunication network including an access control protocol to control access to the 
services provided by the service provider, the system comprising: means for 
determining whether or not the client conforms to the access control protocol, means for 
authorizing the client that does not conform to the access control protocol to access a 
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network for non-conforming clients, the network for non-conforming clients being set up 
on the telecommunication network and allowing access to the session concentrator, 
means for establishing a session between the client and the session concentrator 
according to the point-to-point transport protocol on the network for non-conforming 
clients 

However, Sobel teaches the telecommunication network including an access 
control protocol to control access to the services provided by the service provider (i.e., 
network access to a corporate network is controlled by security policies, col. 3, lines 45- 
55), the system comprising: means for determining whether or not the client conforms to 
the access control protocol (i.e., a compliance verification component determines if the 
client complies with the security policies, col. 4, lines 17-21), means for authorizing the 
client that does not conform to the access control protocol to access a network for non- 
conforming clients (i.e., non-compliant clients are given access to a restricted network, 
col. 5, lines 37-45), the network for non-conforming clients being set up on the 
telecommunication network and allowing access to the session concentrator (i.e., Sobel 
teaches setting up a restricted network for non-compliant devices, cols. 2-3, lines 59-12, 
and Hare teaches allowing non-conforming clients access to a concentrator, Abstract, 
therefore teaching allowing access to the concentrator using the restricted network), 
means for establishing a session between the client and the session concentrator 
according to the point-to-point transport protocol on the network for non-conforming 
clients (i.e., as discussed above Hare teaches communicating with a concentrator using 
PPPoE and Sobel teaches assigning non-compliant clients to a separate network, 
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therefore teaching assigning the PPPoE clients communicating with the concentrator 
that are not compliant to the restricted network), and means for transferring, by the 
session concentrator, the information transmitted by the non-conforming client in the 
established session to a network for clients that conform to the access control protocol, 
the network for conforming clients being set up on the telecommunication network and 
allowing access to the services provided by the service provider, and reciprocally (i.e., 
Sobel teaches a network for compliant devices, cols. 2-3, lines 59-12, and Hare teaches 
connecting compliant devices to the concentrator, Abstract, therefore teaching allowing 
devices on the compliant network access to the concentrator and the services provided 
by the service provider) in order to ensure compliance with network access policies (col. 
1 , lines 6-9). Therefore, based on Hare in view of Sobel, it would have been obvious to 
a person having ordinary skill in the art at the time the invention was made to utilize the 
teaching of Sobel in the system of Hare in order to ensure compliance with network 
access policies. 

With regard to claim 12, Hare and Sobel teach the subject matter of claim 1 
above. Hare teaches a computer readable medium arrangement or storage device 
arrangement including a computer readable indicia, said program comprising 
instructions for enabling a computer system to carry out the method according to claim 
1 when the medium arrangement or stored device arrangement is loaded and run by the 
computer system (i.e., Fig. 1 teaches a system of computer components that must have 
program instructions for carrying out the disclosed invention stored therein). 
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8. Claims 4-5, and 7-10 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Hare et al. (U.S. Pub. No. 2003/0167338) in view of Sobel et al. (U.S. Pat. No. 
7,249,187), and further in view of Malik ("Network Security Principles and Practices", 15 
November 2002, Cisco Press) 

With regard to claim 4, Hare and Sobel teach the claimed subject matter as 
discussed above in claim 1 . Additionally, Hare teaches wherein the step of establishing 
the session between the non-conforming client and the session concentrator includes 
sub-steps, carried out by the session concentrator, of: receiving at least one broadcast 
message which is transmitted by the client on the network for clients, the broadcast 
message comprising at least the address of the client (i.e., a client using PPPoE, pages 
2-3, section 0020, during the discovery phase of a PPPoE a client will send out a 
broadcast message to its neighbors that includes the client address). Hare and Sobel 
do not teach transferring on the network for clients at least one identification request 
message destined for the client. However, Malik teaches transferring on the network for 
clients at least one identification request message destined for the client (i.e., an EAP 
request packet is sent asking for the supplicant's identity, pages 5-6) in order to 
authenticate data communication between two devices (page 3). Therefore, based on 
Hare in view of Sobel, and further in view of Malik, it would have been obvious to a 
person having ordinary skill in the art at the time the invention was made to utilize the 
teaching of Malik in the s of Hare in order to authenticate data communication between 
two devices. 
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With regard to claim 5, Hare and Sobel do not teach wherein the step of 
establishing the session between the client and the session concentrator furthermore 
comprises sub-steps, carried out by the session concentrator, of receiving at least one 
message comprising at least one identifier which is transmitted by the client on the 
network for non-conforming clients, transferring the identifier to an authentication server, 
obtaining an authenticator for the client and transferring the authenticator to the 
authentication server, establishing the session if the authentication server authenticates 
the client. However, Malik teaches wherein the step of establishing the session between 
the client and the session concentrator furthermore comprises sub-steps, carried out by 
the session concentrator, of receiving at least one message comprising at least one 
identifier which is transmitted by the client on the network for non-conforming clients 
(i.e., the EAP packet containing the client ID is sent to the authenticator, pages, 5-6), 
transferring the identifier to an authentication server (i.e., the packet containing the 
identifier is forwarded to the authentication server, pages 5-6), obtaining an 
authenticator for the client and transferring the authenticator to the authentication server 
(i.e., client sends a response to the challenge to the authenticator, pages 5-6), 
establishing the session if the authentication server authenticates the client (i.e., if the 
challenges is successful the port is opened, pages 5-6). Therefore, the limitations of 
claim 5 are rejected in the analysis of claim 4 above, and the claim is rejected on that 
basis. 

With regard to claim 7, Hare and Sobel teach the subject matter of claim 6 
above. Additionally, Hare teaches wherein if the client conforms to the access control 
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protocol in claim 6 above. Hare and Sobel do not teach where the Digital Subscriber 
Line Access Multiplexor authorizes the client that conforms to the access control 
protocol to access a network for conforming clients, the network for conforming clients 
being set up on the telecommunication network and allowing access to a service 
provider. However, Malik teaches where the Digital Subscriber Line Access Multiplexor 
authorizes the client that conforms to the access control protocol to access a network 
for conforming clients, the network for conforming clients being set up on the 
telecommunication network and allowing access to a service provider (i.e., the 
authentication occurs at layer 2 by a layer 2 device, pages 2-3, and since a concentrator 
is a layer 2 device it teaches using the concentrator to authenticate and allow access to 
the network clients who comply with the 802.1 x protocol.) in order to authenticate data 
communication between two devices (page 3). Therefore, based on Hare in view of 
Sobel, and further in view of Malik, it would have been obvious to a person having 
ordinary skill in the art at the time the invention was made to utilize the teaching of Malik 
in the system of Hare in order to authenticate data communication between two 
devices. 

With regard to claim 8, Hare teaches wherein a number of service providers can 
be accessed by clients (i.e., the invention gives clients access to private networks and 
the world wide web, page 2, section 0018), each service provider being accessible via 
at least one network for clients that conform to the access control protocol (i.e., 
compliant clients are given access to the network, page 2, sections 0017-0018), and a 
Digital Subscriber Line Access Multiplexor (i.e., DSLAM, page 2, section 0017) 
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Hare does not teach the method furthermore comprises determining the network for 
clients that conform to the access control protocol which allows access to the service 
provider for the conforming client, and the determining step being carried out by the 
Digital Subscriber Line Access Multiplexor, and transferring the information transmitted 
by the conforming client to the determined network for conforming clients. However, 
Sobel teaches the method furthermore comprises determining the network for clients 
that conform to the access control protocol which allows access to the service provider 
for the conforming client (i.e., security policy compliant devices are assigned to the 
compliant network, col. 3, lines 28-44), and the determining step being carried out by 
the Digital Subscriber Line Access Multiplexor (i.e., compliance checking is 
implemented in a network appliance, page 3, lines 28-44), and transferring the 
information transmitted by the conforming client to the determined network for 
conforming clients (i.e., complying clients are assigned to the compliant network, col. 3, 
lines 28-44, and therefore able to transmit and receive data communications on that 
network). Therefore, the limitations of claim 8 are rejected in the analysis of claim 7 
above, and the claim is rejected on that basis. 

With regard to claim 9, Hare teaches wherein the telecommunication network is a 
network of the GigaEthernet type (i.e., a LAN utilizing an Ethernet protocol, page 2, 
section 0017 and it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to use a GigaEthernet type), and in that the point-to- 
point transport protocol is a protocol in accordance with recommendation RFC 2516 
(i.e., PPPoE, page 2, section 0016, PPPoE is in accordance with RFC 2516). Hare and 
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Sobel do not teach the access control protocol is a protocol of the 8021 x type. However, 
Malik teaches the access control protocol is a protocol of the 8021 x type (i.e., access 
control using the 802. 1x standard, pages 2-3). Therefore, the limitations of claim 9 are 
rejected in the analysis of claim 7 above, and the claim is rejected on that basis. 

With regard to claim 10, Hate teaches wherein the information transmitted 
according to the point-to-point transport protocol is in the form of packets, and the 
session concentrator, before transferring the information transmitted by the non- 
conforming client in the established session to a network for clients that conform to the 
access control protocol, forms information frames from the packets (i.e., a concentrator 
sending and receiving information using PPPoE, Fig. 1, and page 2, section 0015, 
because broadly construed a packet is any unit of data transferred over a network, 
frames are packets at layer two, and a concentrator is a layer two device, therefore the 
data sent is in the form of packets and information frames are formed from the packets). 



Conclusion 

9. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 



1 0. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MARK PFIZENMAYER whose telephone number is 
(571 )270-7214. The examiner can normally be reached on Monday - Friday 8:00 - 5:30 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Hwang can be reached on (571)272-4036. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Mark Pfizenmayer 
Patent Examiner 
2 February 2010 



/Joon H. Hwang/ 

Supervisory Patent Examiner, Art Unit 2447 



